Regardless, MBTA was still successful in stopping the DEF CON presentation

A federal judge lifted the temporary gag order placed on three MIT students Tuesday, who were originally set to give a presentation at DEF CON that outlined a number of security holes in the Massachusetts Bay Transportation Authority’s RFID-based fare infrastructure.

The MBTA originally sued the three student researchers earlier this month in an attempt to stop the trio from delivering their presentations. While its efforts were successful — the presentation was snuffed – the lawsuit was one day late. Slides of the presentation were already published in a CD-ROM handed to DEF CON attendees earlier in the day, and soon after posted online (PDF) by MIT student newspaper The Tech.

In his ruling, Federal Judge George O’Toole said that the chances of the MBTA prevailing on its claims under the Computer Fraud and Abuse Act was “minimal,” in which it tried to invoke the Act’s protections from “transmission” of a damaging computer program for the trio’s verbal presentation.

“So the attempt to stretch the Computer Fraud and Abuse Act has failed. Please read the statute for yourself, and ask yourself: do you want talking about computers and security to become a crime punishable by fines and imprisonment and subject to FBI and Secret Service oversight?” asks law and technology blog Groklaw. “That's what almost just happened.”

“At first glance, the issues at play may appear obscure, and of interest only to technical researchers and lawyers,” reads an EFF analysis of the situation. “But … the right to publish without pre-publication review is part of the purpose of the 1st amendment, and one of the reasons Americans fought the Revolutionary War.”

“The MIT students were behaving as good citizens within this culture of security research. They met with the MBTA before the presentation. They never planned to expose the full details of their successful expose of the vulnerability of the MBTA's fare system … The free speech implications are even more important because showing faults with a government agency's systems is core political speech. The Boston Heraldreports that an MBTA Advisory Council Member was concerned with the fare card payment systems (in light of this controversy), and noted that the ‘T gave a no-bid contract for CharlieCard services to a former government employee.’ This makes the public interest in this matter even stronger,” it reads.

Comments

Threshold

Username

Password

remember me

This article is over a month old, voting and posting comments is disabled

I wouldn't mind if they were charged with a direct hack. But preventing the free flow of information is very dangerous. There have times people have been charged just for discussing the fact that there might be a weakness in a large public system. Those sorts of acts have a terrible chilling effect.